Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-19 CVE-2006-1844 Unspecified vulnerability in Debian Base-Config and Shadow
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
local
low complexity
debian
2.1
2006-04-19 CVE-2006-1843 Cross-Site Scripting vulnerability in Cynical Games Shoutbook 1.1
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters.
network
high complexity
cynical-games
2.6
2006-04-19 CVE-2006-1842 HTML Injection vulnerability in Cynical Games Shoutbook 1.1
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.
network
high complexity
cynical-games
2.6
2006-04-19 CVE-2006-1841 Cross-Site Scripting vulnerability in BoastMachine Search.PHP
Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.
network
high complexity
kailash-nadh
2.6
2006-04-19 CVE-2006-1840 Use of Externally-Controlled Format String vulnerability in Empire Server Empire Server
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.
network
low complexity
empire-server CWE-134
6.4
2006-04-19 CVE-2006-1839 Unspecified vulnerability in PHP Album PHP Album 0.3.2.3
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
network
low complexity
php-album
7.5
2006-04-19 CVE-2006-1838 SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.
network
low complexity
clanscripte-net
7.5
2006-04-19 CVE-2006-1837 SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
clanscripte-net
7.5
2006-04-19 CVE-2006-1836 Local Privilege Escalation vulnerability in Symantec LiveUpdate for Macintosh
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0, which do not set the execution path, allows local users to gain privileges via a Trojan horse program.
local
low complexity
symantec
6.8
2006-04-19 CVE-2006-1835 Cross-Site Scripting vulnerability in Calendarix YearCal.PHP
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
network
high complexity
vincent-hor
2.6